
SAP S/4HANA OData Service lets attackers update and delete data

CVE-2026-27676
Summary

An attacker can make unauthorized changes to certain data in the SAP S/4HANA system through the OData service (Manage Technical Object Structures): child entities can be updated and deleted without proper authorization. This could lead to incorrect or malicious data being stored in the system. To protect against this, ensure that proper authorization checks are in place and that users have the correct permissions.

Original title
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without prop...
Original description
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and availability are not impacted.
NVD CVSS 3.1 score: 4.3
Vulnerability type
CWE-862 Missing Authorization
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026